zlacker

It's a black art (e.g. Windows Installer). But these days using open tools it's not so bad. A desktop app can be built early with only free microsoft tools and really well packaged with free non-microsoft (ok microsoft-adjacent) tools like Squirrel. That wouldn't make them isolated in the sense of store apps, however.

>>alkona+(OP)
I actually like WiX[1] — it has a bit of a learning curve, but, so long as I'm building on Windows and don't stray far from the default UI flows, I haven't found an easier tool for creating Windows installers as part of a product build process, especially those that require Windows-specific bits like COM component registration, Windows service management, setting restrictive ACLs on installed components, etc.

And while I'm not aware of any way to sandbox Windows Installer itself, I'm curious if AppContainer isolation can be applied to applications and services installed via MSI, which would still be quite useful even if the installation process itself is unrestricted.

Alternatively, now that MSIX supports service installation[2], I wonder whether an MSIX including a Windows service and a collection of client applications can be configured so everything runs within one AppContainer, isolated from the rest of the system, and whether permission to access specific external directories chosen by users in a configuration GUI can be transparently (to the user) delegated to the related service.

Alas, none of this is useful to me unless it's compatible with at least the most recent version of Windows 10: very few of my customers are running Windows 11, and I suspect many won't upgrade until Windows 10 is no longer supported (optimistically; as of last year, I was still getting occasional support requests from customers running older versions of our software on Windows Server 2003 R2).

[1] https://wixtoolset.org

[2] https://learn.microsoft.com/en-us/windows/msix/supported-pla...